since 1999

Bad Password Practices are Responsible For Most Data Breaches. You Can do Better.

Verizon's DBIR says 61% of data breaches are the result of bad password practices. Your app can avoid many of these pitfalls with a few precautions, above all slow password hashes and two-factor authentication (2FA).

Calls to Ban Effective Encryption Continue Despite Data Breach Crisis

Calls for the U.S. Congress to ban effective encryption continue despite the current information security crisis, in which data breaches are regular news.

U.S. Senate Bill Seeks to Ban Effective Encryption, Making Security Illegal

Senators Feinstein and Burr published a bill in the United States Senate that would, in practice, ban effective encryption. The bill essentially says you cannot have any conversation or data exchange that the government cannot access if it wants to.

It is not just one iPhone, the FBI wants a future where it is impractical to deploy strong encryption without key escrow

The FBI wants a future where it is illegal or impractical to deploy strong encryption without key escrow, a scheme in which copies of decryption keys are held by a third party, and one that is insecure at scale. Data breach risks will increase as our devices become less secure.

What is the difference between bcrypt and SHA256?

TL;DR: SHA1, SHA256, and SHA512 are all *fast hashes*, and fast hashes are bad for passwords because an attacker with a leaked table can test billions of guesses per second. bcrypt is a *slow hash* (deliberately expensive, salted, with a tunable work factor) and is good for passwords. Always hash passwords with a slow hash, never a fast one.
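The following is an added example, not code from this post or from the "Bad Password Practices" post above. It puts the fast hash beside a slow, salted, iterated one and measures the offline guessing rate each allows. bcrypt, the post's recommendation, lives in the `bcrypt` gem; PBKDF2-HMAC-SHA256 from Ruby's standard library stands in here so the example runs with no gems installed. The storage format, the `secure_compare` helper and the iteration count are assumptions made for the example.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Added example (not code from the original posts). Contrasts the fast hash the posts warn
# against with a slow, salted, iterated one. bcrypt, the posts' recommendation, lives in the
# `bcrypt` gem; PBKDF2-HMAC-SHA256 from Ruby's standard library stands in here so this runs
# with no gems installed. ITERATIONS is an assumption: tune it so one hash costs on the
# order of 100 ms on your own servers.

FAST_HASH = ->(pw) { Digest::SHA256.hexdigest(pw) } # unsalted, microseconds per guess: bad

ITERATIONS = 100_000
KEY_LENGTH = 32

def slow_hash(password, salt: SecureRandom.random_bytes(16), iterations: ITERATIONS)
  dk = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                length: KEY_LENGTH, hash: "sha256")
  # Self-describing record: algorithm, work factor, salt, digest. Storing the work factor
  # lets you raise it later and re-hash old rows on the user's next login.
  ["pbkdf2-sha256", iterations, salt.unpack1("H*"), dk.unpack1("H*")].join("$")
end

# Constant-time equality so a timing side channel cannot leak the stored digest byte by byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify(password, stored)
  algo, iterations, salt_hex, dk_hex = stored.to_s.split("$")
  return false unless algo == "pbkdf2-sha256" && salt_hex && dk_hex
  candidate = OpenSSL::KDF.pbkdf2_hmac(password, salt: [salt_hex].pack("H*"),
                                       iterations: iterations.to_i,
                                       length: KEY_LENGTH, hash: "sha256")
  secure_compare(candidate.unpack1("H*"), dk_hex)
end

# Offline guessing rate an attacker holding the leaked table would get on this machine.
def guesses_per_second(window = 0.2)
  n = 0
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  loop do
    yield "guess#{n}"
    n += 1
    break if Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0 >= window
  end
  (n / window).round
end

if __FILE__ == $PROGRAM_NAME
  record = slow_hash("correct horse battery staple")
  puts record
  puts verify("correct horse battery staple", record) # true
  puts verify("Tr0ub4dor&3", record)                  # false
  puts "SHA256 guesses/s: #{guesses_per_second { |g| FAST_HASH.call(g) }}"
  salt = SecureRandom.random_bytes(16)
  puts "PBKDF2 guesses/s: #{guesses_per_second { |g| slow_hash(g, salt: salt) }}"
end
```

The gap between the two guess rates is the whole argument: the fast hash is limited only by CPU speed, while the slow hash costs the attacker the same work factor per guess that it costs you per login. In a Rails app the equivalent is `has_secure_password`, which uses bcrypt and handles the salt and the comparison for you.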

Ruby Application Security Talk Featured in Ruby Weekly Issue #268

What is an Abuser Story (Software)

In software development and product management, an abuser story is a user story written from the point of view of a malicious adversary. Abuser stories are used with agile software development methodologies as the basis for defining the behaviour the software must actively block or mitigate, with each mitigation proven by automated regression tests so that a later change cannot silently reopen it.
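As an added example, not code from this post, here is one abuser story and one ordinary user story, each paired with the automated check that proves the software behaves as the story demands. The invoice lookup, the users and the invoices are constructed for illustration only; the "before" lookup is written to have the weakness the abuser story targets.

```ruby
# Added example, not code from the post. One abuser story and one ordinary user story, each
# paired with the automated check that proves the software behaves as the story demands.
# The invoice lookup, users and invoices are constructed for illustration only.

User    = Struct.new(:id, :role)
Invoice = Struct.new(:id, :owner_id, :total)

INVOICES = {
  1 => Invoice.new(1, 10, 120.0), # belongs to user 10
  2 => Invoice.new(2, 11, 999.0), # belongs to user 11
}

class Forbidden < StandardError; end

# Before: trusts the id from the URL, which is exactly what the abuser story exploits.
def find_invoice_insecure(_current_user, invoice_id)
  INVOICES.fetch(invoice_id)
end

# After: the lookup is scoped to what the caller owns (admins may read any invoice).
def find_invoice(current_user, invoice_id)
  invoice = INVOICES.fetch(invoice_id)
  return invoice if current_user.role == :admin || invoice.owner_id == current_user.id
  raise Forbidden, "user #{current_user.id} may not read invoice #{invoice_id}"
end

# A story is a title, the action the actor takes, and the predicate that says the
# outcome (return value or raised error) is the one the story requires.
Story = Struct.new(:title, :action, :acceptable)

STORIES = [
  Story.new("Abuser: as a signed-in customer I change the invoice id in the URL to read another customer's invoice",
            ->(lookup) { lookup.call(User.new(10, :customer), 2) },
            ->(outcome) { outcome.is_a?(Forbidden) }),
  Story.new("User: as a customer I can read my own invoice (the control must not break the legitimate path)",
            ->(lookup) { lookup.call(User.new(10, :customer), 1) },
            ->(outcome) { outcome.is_a?(Invoice) && outcome.id == 1 }),
]

# Regression check: run every story against a lookup implementation and return the titles
# whose required outcome did not happen. Wire this into CI so a refactor cannot reopen the hole.
def failing_stories(stories, lookup)
  stories.reject { |story|
    outcome = begin
      story.action.call(lookup)
    rescue StandardError => e
      e
    end
    story.acceptable.call(outcome)
  }.map(&:title)
end

if __FILE__ == $PROGRAM_NAME
  puts "insecure lookup fails: #{failing_stories(STORIES, method(:find_invoice_insecure)).inspect}"
  puts "scoped lookup fails:   #{failing_stories(STORIES, method(:find_invoice)).inspect}" # []
end
```

Keeping the legitimate user story in the same suite matters: a mitigation that "passes" by denying everyone is not a mitigation, and the pair of checks catches that.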

What is Application Security?

Uniqueness Validation Race Condition in Ruby on Rails applications

It's easy for race conditions to slip into your code and out into production. `validates :field_name, uniqueness: true` is not enough to prevent duplicates in your database: the validation runs a SELECT before the INSERT, so two concurrent requests can both pass it and both insert. Here's how to enforce data integrity with both validations and unique indexes.
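The following is an added example and not code from the post. A toy in-memory "table" models the two things the post contrasts: the validation (a SELECT for the value, then a separate INSERT later) and a unique index (the duplicate check happens inside the store, atomically with the write). Concurrency comes from Ruby threads plus a latch that forces every request to finish its validation before any of them writes, which is the interleaving that bites in production. The `Table`, `Latch` and `RecordNotUnique` names are constructed for the example.

```ruby
# Added example, not code from the post. A toy in-memory "table" models what the post contrasts:
# the validation (a SELECT, then an INSERT later, two separate steps) and a unique index (the
# check happens inside the store, atomically with the write). A latch makes every request finish
# validation before any of them writes, the interleaving that produces duplicates in production.

class RecordNotUnique < StandardError; end # the error ActiveRecord raises when an index rejects a row

class Table
  def initialize(unique_index: false)
    @rows = []
    @unique_index = unique_index
    @lock = Mutex.new # stands in for the locking a real database does around one INSERT
  end

  # What `validates ... uniqueness: true` runs: a read that nothing ties to the later write.
  def exists?(email)
    @rows.any? { |r| r[:email] == email }
  end

  # What INSERT does. With a unique index, the duplicate check and the write are one atomic step.
  def insert(email)
    @lock.synchronize do
      raise RecordNotUnique, email if @unique_index && exists?(email)
      @rows << { email: email }
    end
  end

  def count(email)
    @rows.count { |r| r[:email] == email }
  end
end

# Countdown latch: every thread parks until all of them have arrived.
class Latch
  def initialize(n)
    @n, @m, @cv = n, Mutex.new, ConditionVariable.new
  end

  def arrive_and_wait
    @m.synchronize do
      @n -= 1
      if @n.zero?
        @cv.broadcast
      else
        @cv.wait(@m) while @n > 0
      end
    end
  end
end

# The controller-style flow: validate, then save.
def create_user(table, email, latch)
  valid = !table.exists?(email) # every concurrent request passes this check on an empty table
  latch.arrive_and_wait         # ...and only after all of them have checked does anyone write
  return :invalid unless valid
  table.insert(email)
  :created
rescue RecordNotUnique
  :duplicate                    # in Rails: rescue ActiveRecord::RecordNotUnique and re-render the form
end

def race(table, email, concurrency: 20)
  latch = Latch.new(concurrency)
  results = Array.new(concurrency) { Thread.new { create_user(table, email, latch) } }.map(&:value)
  { rows: table.count(email), created: results.count(:created), duplicate: results.count(:duplicate) }
end

if __FILE__ == $PROGRAM_NAME
  p race(Table.new(unique_index: false), "alice@example.com") # {:rows=>20, :created=>20, :duplicate=>0}
  p race(Table.new(unique_index: true),  "alice@example.com") # {:rows=>1, :created=>1, :duplicate=>19}
end
```

Without the index every request "wins" and the table ends up with one row per request; with it exactly one row survives and the rest fail at write time. In a Rails app that means keeping the validation for a friendly error message, adding a migration such as `add_index :users, :email, unique: true` as the actual guarantee, and rescuing `ActiveRecord::RecordNotUnique` on save for the losing request.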

New Video! Understanding & Defending Against Data Breaches

Security incidents that lead to customer data breaches have been happening at an increasing rate. Most of these incidents are preventable; some would have been stopped simply by requiring two-factor authentication for staff member access.